package com.woniuxy.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * Shiro authorization filter with "any of" semantics: the request is allowed as
 * soon as the current subject holds one of the roles configured for the path.
 *
 * <p>The filter fails closed: when no roles are configured for the path, access
 * is denied. Note that this differs from Shiro's built-in
 * {@code RolesAuthorizationFilter}, which requires all listed roles and allows
 * the request when none are configured.
 */
public class RolesFilter extends AuthorizationFilter {

	/**
	 * Decides whether the current subject may access the requested resource.
	 *
	 * @param request     the incoming servlet request (not inspected here)
	 * @param response    the outgoing servlet response (not inspected here)
	 * @param mappedValue the path-specific filter configuration; cast to
	 *                    {@code String[]} and treated as the list of accepted roles
	 * @return {@code true} if access is allowed, {@code false} otherwise
	 * @throws Exception declared by the overridden method
	 */
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
			throws Exception {
		// Step 1: obtain the subject bound to the current execution context.
		Subject subject = SecurityUtils.getSubject();

		// Step 2: read the roles that were configured for this path.
		String[] acceptedRoles = (String[]) mappedValue;

		// Guard against a missing or empty configuration: deny rather than
		// iterate over null, so an unconfigured path is never opened up.
		if (acceptedRoles == null || acceptedRoles.length == 0) {
			return false;
		}

		// Step 3: one matching role is sufficient; stop at the first hit.
		for (int i = 0; i < acceptedRoles.length; i++) {
			if (subject.hasRole(acceptedRoles[i])) {
				return true;
			}
		}

		// None of the configured roles is held by the subject.
		return false;
	}
}